Having difficulty translating API header to Cribl

Rex
Rex Posts: 2

Hello,

I'm new to Cribl Stream and am having difficulty translating the API spec from the documentation. I can get all the curls working fine, but I don't know how they translate to Cribl. For example, if I'm trying to use Cribl for this type of curl:
curl --location --request GET 'https://public-api.cloud.meater.com/v1/devices' \
  --header 'Authorization: Bearer <JWT>'

What would my discover and collect headers look like to include the "Authorization: Bearer <JWT>"?

Cribl is authenticating correctly (I managed to figure that out), but all my requests result in a 400. My authorize expression is `Bearer ${token}`

Any help/insight would be greatly appreciated.

Answers

  • Jon Rust
    Jon Rust Posts: 485 mod

    You only need to use Discover in particular scenarios. To give a related scenario, picture collecting events from files on disk. The discovery phase would produce a list of target files, handing it over to the collect phase. Unless you have a process that can be broken down into tasks like this, you won't need discover.

    As for the bearer token method of auth, I'd use something like this:

  • Rex
    Rex Posts: 2

    Thanks. I got it working that way :)

    However, I'd like for Cribl to do the login to fetch the token and use that to pass it to collect so when the token is reset it will not break the pipeline. So from the looks of it my issue is in getting the token passed. If `Bearer ${token}` is used as the Authorize expression, would I use ${token} or ${authToken} in the collect heading?

  • Jon Rust
    Jon Rust Posts: 485 mod

    Ah, right. You might be able to use the disco phase for this, although that wasn't on the label. :-)

    You'll need to capture the token in the disco phase, then you refer to it in the collect phase with ${id}